IBM Lotus Domino tunekrnl overflow vulnerabilities

Technote (FAQ)


Question

iDEFENSE contacted IBM® Lotus® to report two potential overflow vulnerabilities in the tunekrnl file used by IBM Lotus Domino® on Linux® operating systems.

This issue is specific to Domino on Linux operating systems. Domino 6.x and Domino 7.0.x on Linux on zSeries® and Domino 7.0.x on x86 are affected by these issues. If successfully exploited, this vulnerability would allow a local attacker to elevate their privileges to root.

The iDEFENSE advisory can be accessed at the following link:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=440


Answer

This issue was reported to Quality Engineering as SPR# KEMG6SRKEM and has been fixed in Domino 6.5.5 Fix Pack 2 (FP2) and Domino 7.0.2.


To work around this issue in previous affected releases, the tunekrnl binary file can be renamed or deleted or the set-user-id bit can be removed. This will prevent exploitation of the vulnerability, but it will also cause the loss of some tuneable setting changes which affect the performance of Domino.

Additional Information:
Attack vector: Local system
Impact: Privilege escalation
Mitigating factors:

  1. File can be removed as a workaround
  2. Requires local system access to exploit


Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Lotus End of Support Products
Lotus Domino

Software version:

6.0, 6.5, 7.0

Operating system(s):

Linux, Linux zSeries

Reference #:

1249173

Modified date:

2006-11-07

Translate my page

Machine Translation

Content navigation